Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. In at least one incident that Microsoft's security experts observed, the attackers slowly moved through the victim's network, stealing credentials and exfiltrating information to be used for double extortion.